Google File Sharing: 11 Little Known Facts That Are Critical to Your Privacy

Here’s an interesting story about Google file sharing: in February 2016, students of UC Berkley filed a class action lawsuit in the federal court, against Google, for illegally intercepting students’ data for advertising purposes — without any consent.

Google ran the university’s email accounts and provided students with the Google App for Education, which included both Gmail and Google Drive.

While the case is ‘settled,’ (actually, it isn’t settled. The court asked all 876 students who filed the class action lawsuit, to file their individual cases against Google), but this particular case raises a lot of questions about privacy in general.

Time and again, Google has been criticized for its privacy policy. In fact, we all know Google uses data from user devices for data mining.

And yet, we all find ourselves, working with Google’s applications and devices.

Myself included.

And who wouldn’t? Gmail is probably one of the best email services, and Google Docs has completely changed how we work and collaborate online.

But if you too use Google Drive and Google Docs, then before sharing any more files, learn about the facts that are very critical to your “privacy.”

1. There is a Big Difference Between Sharing Privately and Sharing Via a Link

Most users opt to share files via a link, just because it’s easier to take a single link and send it to many users, as opposed to giving each user separate access.

While you might think it’s all the same, these two options are very different from each other, when privacy gets added to the equation.

If I share a file privately with a user, I’ll need their email address, which may or may not be a hassle to get. But it’s a more secure option because only that particular user will have access to my file.

On the contrary, if I share a file through a link, then anybody with that data link can access my file, which means I have absolutely no control over who can see or not see my file, and there is no way to monitor the process.

For instance, if I send someone a Google Drive file via a link, they can quickly take that link, and share it with someone else and so on.

That is why, if you’re sharing critical data through Google, it’s always a better option to share privately.

Note: even after sharing a file using a user’s email address, that user can then share the file further.

Keep reading to know more.

2. Ownership of The File Can be Transferred

A user can also get awarded complete ownership of a shared file. To transfer ownership, go to the Share button and click on Advanced. Click on the drop down button next to a shared user and select ‘Is Owner.’

The implication of transferring ownership means the new owner gets full control over a shared file, and can also stop the previous owner from accessing this particular file.

3. Only the Owner of a File/Folder Can Delete It

Shared files are accessible from the ‘Share with me’ option on Google Drive.

All shared files only count towards the storage quota of the file’s owner. Even if you decide to delete a shared file from the list, it will still be accessible to all other users.

But, if the owner of a shared file decides to remove it, no other user will be able to access it.

The only way to get that file back is by asking the owner to retrieve it from his deleted items list.

4. Gmail Attachments Should be Sent Directly

When sharing a Google Drive file on Gmail, with a user who doesn’t have access to the data, there is a pop-up that usually comes up:

“The Drive file isn’t shared with the recipient.”

And there is a big blue button which says – Share and Send.

Now since the message is a big blue button, we just assume it is the safest and best option. Well, this isn’t an episode of Doctor Who, and blue does not always mean we are in the right place.

When you click on Share and Send, the file becomes public, and anyone with the file’s link can access it.

That is why you should always click on the ‘Send without sharing’ option, which allows Google Docs to get attached as regular files.

5. Mobile Access to Google Docs Negates Two Factor Authentication

But just for user convenience, Google allows users to bypass 2FA on mobiles, (and that is again concerning). While for personal users, it provides secure flexibility.

While for personal users, it provides secure flexibility.

But for companies, 2FA can create a big problem.

If a company uses Google Apps for Work and chooses to enforce 2FA, even then, employees can bypass 2FA on their smartphones.

6. Google’s Terms and Conditions Can Seem Confusing

Regarding all user content that is uploaded to different Google services, this is what Google’s Terms of Service states:

“Some of our Services allow you to upload, submit, store, send or receive content You retain ownership of any intellectual property rights that you hold in that content. In short, what belongs to you stays yours.”

“When you upload, submit, store, send or receive content to or through our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works

The rights that you grant in this license are for the limited purpose of operating, promoting and improving our Services, and to develop new ones. This license continues even if you stop using our Services (for example, for a business listing that you have added to Google Maps)”

Basically, what Google is trying to say is “All the content uploaded by you will stay yours. But Google will get a ‘limited license’ which allows the company to use it for data mining.”

And even if files or accounts get deleted, Google will continue to use that content. Still confused? Here is the short version – Google is snooping on all its users.

7. Making a File “Read-Only” is a Bit Complicated

If I’m sharing a file that’s “read-only” with other users, then sharing gets pretty difficult to achieve, with Google’s file sharing options.

Google Drive allows several levels of file permissions, including:

View only: Users can only see a shared file, they cannot make any changes or comment on a file.

Comments only: While users still cannot make any changes to a shared file, they can leave comments.

Edit: The edit option gives users full access to a shared file

The first and most common way to make a file read-only is by ticking the ‘view only’ option. But even with this access level, any user can go to the File option and select ‘Download.’

Luckily, there is a way to disable this option.

Go to the Share option and click on Advanced. Scroll to the bottom and checkmark the option, ‘Disable options to download, print, and copy for commenters and viewers.’

And that’s how a shared file in Google becomes read-only. I would have personally preferred a simpler way to achieve this goal.

8. With Public Sharing Activated, Anyone Can Find a Shared File on Search Engines

For shared file links, Google provides three options.

Notice the two incredibly confusing ‘On’ options? The first one makes a file readily available on the internet.

So, anybody can Google and access it, without logging into their Google account.

The second ‘On’ option only allows users with a file link to access it, and this option is also not secure, as I mentioned above. The best choice is just to stay away from sharing data via links — altogether.

9. Users With “Edit” Access to a File Can Give Access to More Users

Once a file is shared with the Edit permission, that user can then share the file with any number of other users, and the owner won’t even get a notification about it.

This setting is active by default, but it can get deactivated.

In the advanced sharing pane, scroll down and checkmark the option ‘Prevent editors from changing access and adding new people.’

10. Files Shared Within an Organization Can be Shared With Any Outsider

Google Apps for Work allows users to share files only within their organization.

As an example, if a company has unique domain addresses, then an admin can choose only to allow file sharing with emails that end in the company’s exclusive domain name.

But like many other options, this one isn’t activated by default, which means a company employee can share files with users outside of the organization.

Company Acquisition

To get rid of this massive privacy hole, first of all, you need admin access, from the admin console panel, so go to Google Drive’s sharing settings.

Under the option ‘Sharing outside of organization’, select Off. Now, team members will not be able to share files with any users outside the organization.

In other words, users with email addresses other than name@yourdomain.com cannot access any shared file; even with link sharing turned on.

11. When an Account is Deleted, So is The Data

If a Google account gets deleted, then all files and folders connected to it through Google Drive will also be removed.

So, all shared files that other users may have access to will also disappear.

In case your organization uses Google Drive, make sure if an employee is leaving the company, then ownership of all the files is transferred to a different team member before the account is shut down.

In Conclusion…

If you regularly work on critical data which concerns fields like:

Law

Finance

Medicine

Computers

I would suggest not sharing files through Google and just sticking to Microsoft. On the other hand, if you’re just looking to collaborate on documents with other team members, and the data isn’t critical to your business, go for it.

Sign up for our newsletter to get the latest on new releases and more.

As someone writing this article in Google Docs, it’s easy to say that I do put convenience over privacy. And yes, Google knew about this article even before it got published.

Do you have any extra tips or insights to share? Feel free to drop on by the comments section, if that’s the case, and thanks for reading till the end!